A2 : Broken Authentication and Session Management

Login to view Personal Information

There is a flaw in the way this page handles authentication and sessions.

There is a login required to view personal information.
Login credentials for user1 : username - 'user1', password - '145_Bluxome'
There is another user with username 'user2'. You have to steal his personal information by exploiting the vulnerability on this page.

Hint 1

Login as user1 and see how Session Management is being done.
Hint 2

Look at the session cookie. Does it look predictable?
Solution

sessionID cookie is a SHA1 hash of the username. Replace SHA1(user1) in the cookie by SHA1(user2) to authenticate as user2.
i.e. sessionID=a1881c06eec96db9901c7bbfe41c42a3f08e9cb4

A2 : Broken Authentication and Session Management

Hint 1

Hint 2

Solution